cfengine -- arbitrary file overwriting vulnerability

Description:

A Debian Security Advisory reports:

Javier Fernández-Sanguino Peña discovered several
insecure temporary file uses in cfengine, a tool for
configuring and maintaining networked machines, that can
be exploited by a symlink attack to overwrite arbitrary
files owned by the user executing cfengine, which is
probably root.

Affects:

cfengine <2.1.6_1

cfengine2 >0

Disclaimer: The data contained on this page is derived from the VuXML document;
please refer to the original document for copyright information. The author of
portaudit makes no claim of authorship or ownership of any of the information contained herein.